SNMP Trap Management

Prepared with materials from: Carlos Vicente, Network Services/University of Oregon
Presentation: Carlos Armas, Roundtrip Networks; Hervey Allen, NSRC

Contents:
  • What SNMP traps are
  • Tools: snmptrapd, snmptt
  • Integration with Nagios

SNMP agents on devices such as routers, switches, printers, servers, etc. can send alarms (traps) when certain events occur:
  • An interface goes down
  • A router's fan fails
  • The process load exceeds a limit
  • A disk partition fills up
  • A UPS changes state

An intelligent mechanism is needed to notify the administrator only when it matters.

Once the traps have been collected, it is useful to do two things:
  • Notify the NOC immediately of certain events
  • Generate daily reports (top-ten style)

It is useful to convert the traps into syslog messages and send them to the central syslog server:
  • A single place to go looking for messages
  • Preferably, with a database

snmptrapd: daemon included in the Net-SNMP package
  • Simply receives the traps via UDP and passes them to some handler

snmptt = SNMP Trap Translator
  • Integrates with snmptrapd and allows traps to be manipulated with more flexibility

Certain traps can be captured by snmptt with selection rules and sent to other software such as Nagios.

Integration with Nagios solves the notification problem:
  • Re-use of contact groups, time periods, the pager messaging mechanism, etc.

/etc/snmp/snmptrapd.conf:

    # Allow the following SNMP communities:
    authCommunity log,execute public
    authCommunity log,execute walc
    # Delegate all handling to snmptt
    traphandle default /usr/sbin/snmptthandler

See: # man snmptrapd

Options of interest:
  • -t : Do not send syslog messages (we will do that with another tool)
  • -On : Do not translate numeric OIDs to names

On Ubuntu (/etc/default/snmpd):

    TRAPDOPTS='-t -On -p /var/run/snmptrapd.pid'

snmptt.ini:

    [General]
    mode = daemon
    dns_enable = 1
    net_snmp_perl_enable = 1
    translate_log_trap_oid = 1
    translate_value_oids = 1
    translate_enterprise_oid_format = 1
    translate_trap_oid_format = 1
    translate_varname_oid_format = 1
    translate_integers = 1
    keep_unlogged_traps = 1

    [DaemonMode]
    daemon_fork = 1
    daemon_uid = snmptt
    spool_directory = /var/spool/snmptt/
    sleep = 1
    use_trap_time = 1

    [Logging]
    stdout_enable = 0
    syslog_enable = 1
    syslog_level = info
    syslog_facility = local6

    [TrapFiles]
    snmptt_conf_files = /etc/snmp/snmptt.conf

/etc/snmp/snmptt.conf:

    EVENT mteTriggerFired .1.3.6.1.2.1.88.2.0.1 "Status Events" Normal
    FORMAT $*
    # Avoid notifications saying that the value is 'null'
    MATCH $*:!(\(null\)$)
    EXEC echo $* | mail -s ALARMA [email protected]
    SDESC
    Notification that the trigger indicated by the object
    instances has fired, for triggers with mteTriggerType
    'boolean' or 'existence'.
    Variables:
      1: mteHotTrigger
      2: mteHotTargetName
      3: mteHotContextName
      4: mteHotOID
      5: mteHotValue
    EDESC

Slide annotations: OID (the second field of the EVENT line), regular expression (the MATCH line), action (the EXEC line).

snmpttconvertmib is a utility that automates the creation of snmptt configurations from a MIB file.
  • Saves a lot of time
  • Requirement: the directory containing the MIB must be included in the mibdirs list in /etc/snmp/snmp.conf

Example:

    snmpttconvertmib --in /usr/local/netdisco/mibs/cisco/CISCO-ERR-DISABLE-MIB.my --out /etc/snmp/snmptt.conf.cisco.errdisable

Resulting file:

    #
    # MIB: CISCO-ERR-DISABLE-MIB (file:/usr/local/netdisco/mibs/cisco/CISCO-ERR-DISABLE-MIB.my) converted on Tue Oct 28 18:10:05 2008 using snmpttconvertmib v1.2
    #
    EVENT cErrDisableInterfaceEvent .1.3.6.1.4.1.9.9.548.0.1.1 "Status Events" Normal
    FORMAT The cErrDisableInterfaceEvent is generated when an interface $*
    SDESC
    The cErrDisableInterfaceEvent is generated when an interface
    or {interface, vlan} is error-disabled by the feature
    specified in cErrDisableIfStatusCause.
    Variables:
      1: cErrDisableIfStatusCause
    EDESC

After generating the file, it must be added to the list. In snmptt.ini:

    [TrapFiles]
    snmptt_conf_files = <

TRAPDRUN=yes

Use:

    /etc/init.d/snmpd start
    /etc/init.d/snmptt start

Configure snmptt to send traps when interfaces go down.
  • Use snmpttconvertmib and the IF-MIB
  • Use the mail command to send the alarm to [email protected]
  • Test by sending traps from the router

On Cisco, configure as follows:

    snmp-server enable traps snmp linkdown linkup
    snmp-server trap link ietf
    snmp-server host 192.168.0.10 version 2c public

    EVENT mteTriggerFired .1.3.6.1.2.1.88.2.0.1 "Status Events" Normal
    FORMAT $*
    EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result $r TRAP 2 "$*"

    define service{
        name                     generic-trap
        active_checks_enabled    0
        service_description      TRAP
        is_volatile              1
        check_command            check-host-alive
        max_check_attempts       1
        normal_check_interval    1
        retry_check_interval     1
        passive_checks_enabled   1
        check_period             none
        notification_interval    31536000
        notification_period      24x7
        notification_options     c
        notifications_enabled    1
        flap_detection_enabled   0
        contact_groups           nobody
        register                 0
    }

    define service{
        name                     generic-trap
        active_checks_enabled    0
        service_description      TRAP
        is_volatile              1
        check_command            check-host-alive
        max_check_attempts       1
        normal_check_interval    1
        retry_check_interval     1
        passive_checks_enabled   1
        check_period             24x7
        notification_interval    31536000
        notification_period      24x7
        notification_options     c
        notifications_enabled    1
        flap_detection_enabled   0
        check_freshness          1
        freshness_threshold      86400
        contact_groups           nobody
        register                 0
    }

    define service{
        use                      generic-trap
        host_name                router1
        contact_groups           grupo-routers
    }

Restrict trap traffic at the central server: only allow your own devices to send logs. For example, using iptables:

    # iptables -A INPUT -s 192.168.1.0/24 -p udp --dport 162 -j ACCEPT
    # iptables -A INPUT -s 0/0 -p udp --dport 162 -j REJECT

http://www.net-snmp.org
http://www.snmptt.org
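The Nagios integration above hands each trap to submit_check_result from an snmptt EXEC line ($r TRAP 2 "$*"). The following is an added example, not code from the original slides or from the Nagios project: a POSIX shell helper in that role, showing the passive check result line written to the Nagios external command file, with the trap text kept to a single line. The command file path and the function names are assumptions.

```shell
#!/bin/sh
# Added example: a helper in the role of submit_check_result.
# Assumption: command file path of a default source install; override
# with NAGIOS_CMD_FILE to match command_file in nagios.cfg.
NAGIOS_CMD_FILE="${NAGIOS_CMD_FILE:-/usr/local/nagios/var/rw/nagios.cmd}"

# build_passive_result TIMESTAMP HOST SERVICE CODE OUTPUT
# Prints one external-command line; returns 1 on invalid input.
build_passive_result() {
    ts=$1 host=$2 svc=$3 code=$4 out=$5
    case $ts in ''|*[!0-9]*) return 1 ;; esac
    # Host and service must name existing Nagios objects; accept only
    # characters that cannot disturb the ';'-separated fields.
    case $host in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case $svc in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    # Nagios states: 0=OK 1=WARNING 2=CRITICAL 3=UNKNOWN
    case $code in 0|1|2|3) ;; *) return 1 ;; esac
    # The trap text is chosen by the sending device: flatten line breaks
    # and drop other control characters so one trap is always one line.
    out=$(printf '%s' "$out" | tr '\n\r' '  ' | tr -d '\001-\037')
    printf '[%s] PROCESS_SERVICE_CHECK_RESULT;%s;%s;%s;%s\n' \
        "$ts" "$host" "$svc" "$code" "$out"
}

# submit_check_result HOST SERVICE CODE OUTPUT (same argument order as
# the EXEC line: $r TRAP 2 "$*")
submit_check_result() {
    line=$(build_passive_result "$(date +%s)" "$1" "$2" "$3" "$4") || return 1
    printf '%s\n' "$line" >> "$NAGIOS_CMD_FILE"
}

# When called with four arguments, act as the helper itself.
if [ "$#" -eq 4 ]; then
    submit_check_result "$@"
fi
```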
